Semantic Web Standards

Presented By: David Shelly

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech

Topics

- SemID Ontology
- Distributed Service Deployment
- Web Services Performance

SemID (Semantic ID) Ontology

Mohammad M. R. Chowdhury, Josef Noll
UniK - University Graduate Center, Kjeller, Norway

Juan Miguel Gomez
Universidad Carlos III de Madrid, Madrid, Spain

http://www.semid.org/

Introduction

Problems Addressed:
- Access control in distributed and dynamic systems
- Privacy issues in project oriented corporate networks

Ontology Solution:
- Secure access to project resources
- Maintain privacy of members

“Ontologies are [the Semantic Web’s] cornerstone technology, providing structured vocabularies that describe a formal specification of a shared conceptualization.”

Roles

Use case: Rel9 Project

Functional Architecture

Formalize the semantics of roles, policies, and rules

Role – has a certain policy or policies assigned to it

Policy – represents the privilege reserved for each role in a community, expressed through a set of rules (R1, R2, … Rn)

P = {R1, R2, … Rn}

Rule – takes an access request as input and results in an action (permit, deny, or not-applicable)

R = {S, R, A}

Example Rules

R = {JosefNoll, Deliverables, Permit }

R = {GeirEgeland, Deliverables, Deny}
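
Added example (not from the original slides or the SemID project): the rule and policy model above as a small evaluator, reading each rule triple as (subject, resource, action) as the two example rules do. The deny-overrides combining step, the fail-closed `is_allowed` check, the `FREEZE` policy and the treatment of a subject with no matching rule are assumptions made for illustration.

```python
from enum import Enum
from typing import Iterable, NamedTuple

class Action(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not-applicable"

class Rule(NamedTuple):
    subject: str    # S
    resource: str   # R
    action: Action  # A

    def evaluate(self, subject: str, resource: str) -> Action:
        """A rule only speaks for the exact (subject, resource) it names."""
        if (subject, resource) == (self.subject, self.resource):
            return self.action
        return Action.NOT_APPLICABLE

def evaluate_policy(policy: Iterable[Rule], subject: str, resource: str) -> Action:
    """P = {R1 ... Rn}; deny-overrides combining is an assumption, not from the slides."""
    results = {rule.evaluate(subject, resource) for rule in policy}
    if Action.DENY in results:
        return Action.DENY
    if Action.PERMIT in results:
        return Action.PERMIT
    return Action.NOT_APPLICABLE

def is_allowed(policies, subject: str, resource: str) -> bool:
    """Enforcement point (assumed): fail closed unless a policy permits and none denies."""
    decisions = {evaluate_policy(p, subject, resource) for p in policies}
    return Action.PERMIT in decisions and Action.DENY not in decisions

# The two example rules from the slide, grouped into one policy.
DELIVERABLES = [
    Rule("JosefNoll", "Deliverables", Action.PERMIT),
    Rule("GeirEgeland", "Deliverables", Action.DENY),
]
# Constructed second policy that conflicts with the permit above.
FREEZE = [Rule("JosefNoll", "Deliverables", Action.DENY)]

if __name__ == "__main__":
    for who in ("JosefNoll", "GeirEgeland", "ErikSwansson"):
        print(who, evaluate_policy(DELIVERABLES, who, "Deliverables").value,
              is_allowed([DELIVERABLES], who, "Deliverables"))
    print("with freeze:", is_allowed([DELIVERABLES, FREEZE], "JosefNoll", "Deliverables"))
```

A not-applicable result is never treated as a grant here, so a subject that no rule mentions is refused, and a conflicting deny in any attached policy wins over a permit.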

Protégé Example

http://protege.stanford.edu/

Web Ontology Language (OWL)

SemID Ontology has 10 properties
- domain – classes to which a property is attached
- range – allowed classes for properties

    <!-- hasAction attaches to Rule (domain) and takes an Action (range) -->
    <owl:ObjectProperty rdf:ID="hasAction">
      <rdfs:domain rdf:resource="#Rule"/>
      <rdfs:range rdf:resource="#Action"/>
    </owl:ObjectProperty>

Implementation

Four different policies
- Administrator
- FinalApproval
- Read
- Read/Write

    <Policy rdf:ID="Administrator"/>
    <Policy rdf:ID="FinalApproval"/>
    <Policy rdf:ID="Read"/>
    <Policy rdf:ID="ReadWrite"/>

Implementation

Four instances of role
- Project Leader
- Supervisor
- Project member
- Visitor

    <Role rdf:ID="Project Leader">
      <hasVisibilityOfGroup rdf:resource="#Rel9 Project"/>
      <hasPolicy rdf:resource="#Administrator"/>
      <hasPolicy rdf:resource="#FinalApproval"/>
      <hasPolicy rdf:resource="#ReadWrite"/>
    </Role>

Implementation

Four properties in Identity Instance
- hasGroup
- hasVisibility
- hasRole
- hasSupervisor

    <Corporate_Identity rdf:ID="Erik Swansson">
      <hasGroup rdf:resource="#Ericsson"/>
      <hasGroup rdf:resource="#Rel9 Project"/>
      <hasVisibility rdf:resource="#Ericsson"/>
      <hasVisibility rdf:resource="#Rel9 Project"/>
      <hasRole rdf:resource="#Project Member"/>
      <hasSupervisor rdf:resource="#Peter_Johansson"/>
    </Corporate_Identity>

Discussion

- Advantages of SemID over permissions schemes used in Windows/Linux?
- Is the SemID scheme usable? Will companies continuously update projects, roles, and permissions?

Distributed System Deployment

Artin Avanes, Johann-Christoph Freytag
Humboldt-Universität zu Berlin, Berlin, Germany

Christof Bornhövd
SAP Labs, LLC, Palo Alto, California

Introduction

Advantages of Distributed Service Deployment
- Higher system scalability
- Better system response time
- Higher data accuracy

New Challenges
- Increased Dynamics
- Limited Resource Capabilities
- Limited Reliability
- Higher Demand for Scalability

Service Classes

Three Major Service Classes

- Business Logic Services
- Aggregation Services and Data Management Services
- Basic Infrastructure Services

Tiered System Architecture

Service Deployment

- Service Mapping
- Context-Aware Determination of Service Requirements
- Group-Based Resource Tracking
- Priority Assignment and Query Processing
- Distributed Service Injection

Service Deployment

- Service Mapping
  - Mapping Function
- Context-Aware Determination of Service Requirements
- Group-Based Resource Tracking
- Priority Assignment and Query Processing
- Distributed Service Injection

Service Deployment

- Service Mapping
- Context-Aware Determination of Service Requirements
  - Translation Process
- Group-Based Resource Tracking
- Priority Assignment and Query Processing
- Distributed Service Injection

Service Deployment

- Service Mapping
- Context-Aware Determination of Service Requirements
- Group-Based Resource Tracking
  - Group-Based Retrieval Algorithm
- Priority Assignment and Query Processing
- Distributed Service Injection

Group-Based Retrieval Algorithm

Service Deployment

- Service Mapping
- Context-Aware Determination of Service Requirements
- Group-Based Resource Tracking
- Priority Assignment and Query Processing
  - Two major request classes
  - Three strategies to determine priorities
- Distributed Service Injection

Priority Assignment and Query Processing

Service Deployment

- Service Mapping
- Context-Aware Determination of Service Requirements
- Group-Based Resource Tracking
- Priority Assignment and Query Processing
- Distributed Service Injection
  - Pair matching

OSGi Prototype Implementation

Example Scenario:

“A wireless sensor network measures the temperature in specific areas of a warehouse, whereas the current temperature values are periodically forwarded to the display of a worker’s PDA. Each worker is equipped with such a PDA and can immediately react if the temperature exceeds a certain threshold to avoid damage of goods or machines.”

Performance Evaluation

List Topology
    ≤ O(N) + O(N^2 + N * H) → « O(n^2 + n * H) (no packet merging)
    ≤ O(N) + O(N) → « O(n) (with packet merging)

Star Topology
    « O(n)

Binary Tree Topology
    → O(ln N * N^ln(2)) ≤ O(ln N * N^0.7) « O(ln n * n^0.7)

Discussion

- How could using a Distributed System Deployment in Mobile Ad-Hoc Networks apply to usable security?
- What privacy issues are at risk in distributed system deployment schemes?